IOT IS EXPANDING FASTER THAN IT CAN BE SECUREDThe number of IoT devices is exponentially increasing on enterprise OT and IT networks, often without administrators’ awareness or knowledge of their connection, location, or specific purpose. These devices present unique challenges to discovery and risk assessment as they typically access the network without authentication or an associated user. They are highly vulnerable, often running rudimentary or minimized versions of legacy operating systems without basic client protection software. Additionally, they are commonly closed, proprietary systems with minimal or no patching capabilities to defend themselves; installation of security software or device management agents is rarely an option.
Conclusion: IoT/OT devices introduce vulnerabilities and blind spots in network security, significantly increasing the potential for risk due to service disruption, data theft, or compromise leading to ransomware and other attacks.
TAKE CONTROL OF YOUR ENTERPRISEA basic tenet of network security and regulatory compliance is that “You cannot secure what you cannot see.” Gigamon and Ordr have teamed to deliver unsurpassed visibility and control into every thing connected to your network including unmanaged workstations and servers, industrial and medical devices, building automation systems, smart offices, payment processors in PCI zones, as well as mobile and personal assistant devices.
Gigamon Visibility & Analytics Fabric
• Efficiently collects full-fidelity information from your physical,
virtual, and cloud infrastructures
• Optimizes information sent to tools to maximize their efficiency
and ROI, such as performing de-duplication and advanced filtering
• Relieves “SPAN” limitations and capacity to support monitoring
requirements of the entire organization and all consumers
• Supports TLS decryption, ensuring traffic visibility with increasing
use of encryption
• Aggregates collected traffic to create a consistent view of all
information-in-motion
Ordr Systems Control Engine
• Rapidly inventories and classifies all devices including IoT and OT
assets in your domain with high-resolution details
• Automatically groups and tracks devices by type, business function,
OS type, and location
• Assesses devices for vulnerabilities and risk, then learns device
behaviors to establish baselines of safe communication and quick
detection of anomalous activity
• Rapidly stops active threats and isolates compromised devices
• Protects critical IoT/OT devices using microsegmentation
Gigamon and Ordr Joint Solution Brief
Comprehensive IoT/OT discovery, classification, and regulation
V1.0 MAY 2020 1
Gigamon1. Collects and aggregates traffic from all critical network points
2. Optimizes data forwarding, processing, and extraction
3. Sends the right information to Ordr in proper format
4. Serves as foundation for all current and future network and security
monitoring requirements
Ordr1. Identifies all devices including IoT/OT with rich context
2. Establishes baselines for safe behavior to detect anomalies and
generate Zero Trust policies
3. Assesses all devices and communications for risk
4. Protects IoT/OT devices via microsegmentation policies
The Joint Solution
INTERNET
ORDR SENSOR
ORDR SYSTEMS CONTROL ENGINE
PUBLIC CLOUD
BRANCH
FIREWALL
ROUTERS
SPINE SWITCHES
LEAF SWITCHES
GIGAMON VISIBILITY AND ANALYTICS FABRICPHYSICAL, VIRTUAL, AND CLOUD NODES
CONNECTED IT, OT, IOT
VIRTUAL SERVER FARM
IPS APM NPMD SIEM ThreatINSIGHT
PHYSICAL, VIRTUAL,
AND CLOUD
METADATA ENGINE
APPLICATION INTELLIGENCE
SSLDECRYPTION
INLINE BYPASS
V1.0 MAY 2020 2
ORDR TRANSFORMS GIGAMON VISIBILITY AND ANALYTICS FABRIC DATA INTO HIGH-FIDELITY DEVICE CONTEXT…
…AND PROVIDES COMPLETE VISIBILITY INTO ALL DEVICE COMMUNICATIONS.
Ordr Systems Control Engine (SCE) is the industry’s most comprehensive platform for visibility and security of unman-aged, IoT and OT devices. Ordr leverages passive, deep packet inspection and protocol decoding to auto-classify every device and extract rich context such as make, model, OS, and software/hardware versions. Device asset inventory is correlated against industry security feeds to detect vulnerabilities, and traffic monitored with intrusion detection to detect threats, assess risk, and to establish baselines for normal and safe device communications. Device baselines (or flow genomes) enable Ordr to alert on anomalous behavior and dynamically generate microsegmentation policies to protect critical IoT/OT.
To ensure comprehensive data classification and visibility into all communications, it is essential to have comprehen-sive, enterprise-wide traffic collection—enter Gigamon! The Gigamon Visibility and Analytics Fabric (VAF) optimizes data collection of all north-south and east-west traffic across branch, campus, data center and cloud. Collected data is efficiently delivered to consumers like Ordr in the required format and physical medium. The Gigamon VAF feeds Ordr’s big data machine-learning engine to gain complete visibility into all device communications. Gigamon also eliminates SPAN scarcity issues or worrying about oversubscribing a switch with “yet another SPAN port or session.” Furthermore, the Gigamon VAF can significantly reduce the number of sensors required to completely discover and monitor every network-connected device, simplifying your network and security monitoring architecture.
Total Network Visibility And Security
V1.0 MAY 2020 3
About Ordr
At Ordr, we’re energized by the explosive growth in
network-connected systems and devices. We recognize
the tremendous opportunities that this represents for the
hyper-connected enterprise: improved delivery of care,
efficient logistics and operations, quality enhancements
in manufacturing, more stable and intelligent busi-
ness-critical systems. We’re energized because we give
you the power to take control and realize these myriad
opportunities.
Learn more at www.ordr.net.
About Gigamon
Gigamon is the recognized leader in network visibility
solutions, delivering the power needed to see, secure
and empower enterprise networks. Our solutions
accelerate threat detection and incident response
times while empowering customers to maximize their
infrastructure performance across physical, virtual and
cloud networks. Since 2004 we have cultivated a global
customer base which includes leading Service Providers,
Government Agencies as well as Enterprise NetOps and
SecOps teams from more than 80 percent of the Fortune
100.
For the full story on how we can help reduce risk,
complexity, and cost to meet your business needs, visit
our website at www.gigamon.com.
The Gigamon Visibility and Analytics Fabric provides the insight into your network that makes it possible for Ordr SCE to keep track of your devices and understand how they communicate. The VAF enables traffic from across the network to be managed and selectively delivered to Ordr SCE efficiently and in the required format. Ordr SCE can be deployed in the data center or in the cloud, and because the Gigamon VAF can tap east-west data center traffic and monitor virtual and cloud networks, the two tools work seamlessly together in either configuration.
Numerous customers already deploy the joint Gigamon and Ordr solution in their networks, enjoying unparalleled network and device visibility and control. For more information, contact your reseller for a demonstration of the winning combination of Ordr’s sophisticated AI and Gigamon’s total visibility.
Summary